Digital Transactions Authoritative, insightful and timely information for payments professionals
With the unrelenting rise of phishing attacks, banks and merchants are hunting for new ways to secure the identity of consumers in online transactions. That's creating opportunities for companies like LexisNexis, proprietor of one of the world's largest databases of public-record information. Now the company's RiskWise unit is looking at extending its authentication service, now mainly focused on vetting account applications, to individual transactions. Jim Vaules, a former Federal Bureau of Investigation agent and vice president at LexisNexis, says less than 10% of the volume of RiskWise traffic is currently transaction-based, but that could grow rapidly. “It's pretty clear there is demand for that,” he says. RiskWise runs a series of three checks against public-record data to authenticate users. First, it checks to make sure the data elements submitted by online applicants are real rather than fake. Second, it checks that the submitted elements belong together, that is, that a zip code or phone number belongs with a street address. Third, it checks that the data submitted match up to the name submitted. The service then returns a risk score the client can use to decide whether further review is necessary. LexisNexis runs these checks against some 1,600 data sources, including voter-registration rolls, property records, phone directories, and motor-vehicle records. The three-part check takes under a second, says Vaules. The RiskWise unit has grown more than 25% annually over the past five years in both revenue and transactions, he says. Application checks in small volumes cost from $1 to $2 apiece, with high-volume, XML-based queries priced at well under $1. Now more and more spontaneous e-commerce transactions could be subjected to RiskWise as fraud moves from an account-based to a transaction-based focus. “It was very easy for people to assume your identity and go and set up an account, and frankly we've been pretty successful [in fighting] that,” says Vaules. “That brings us to the transaction piece.” He says the unit needs to work out a few issues, including transaction time. Even an added flicker of time could cause abandoned checkouts, he fears. “It can't take too long,” he says, adding that it should be based on pieces of information known only to the user but known readily, so it doesn't require the user to look it up. The number of unique Web sites engaged in phishing fraud jumped to 1,518 last month, an increase of 29% over October, according to the Anti-Phishing Working Group, which tracks the fraud. The number of such sites has grown at a 28% monthly rate since August, the group says, while the volume of unique e-mails reported as phishes reached 8,459, up an average of 34% monthly since July.
